Solving Bandit 11 → 14 levels


I’ve decided to solve all the bandit levels until the end of the year and to blog about it. It feels like that I have a lot of time but I’m also a bit worried, because I’m pretty sure that the further I go the harder it becomes and the more time I’ll need for a problem. Let’s give it a start.

Bandit Level 10 → 11

It says that our password is base64 encoded. The attached article of Wiki helped me to understand remotely what base64 stands for and the man page helped me to find out, that we need -d to decode. So I just did:

cat data.txt | base64 -d

Mission accomplished. There is the password for the next level.

Bandit Level 11 → 12

I guess we’re learning some encoding-decoding methods in this phase. This time all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions. The attached article is talking about Rot13. This is fun (I remembered how we used to “decode” our letters at school adding “b” or “g” to every syllable). I found this rot13 decoder online and I’m gonna use it now. And there is the decoded text with the password of the next level. Yey!

Bandit Level 12 → 13

At the first sight this one seems to be a harder one. What is hex dump? The article says that in a hex dump, each byte is represented as a two-digit hexadecimal number. And what is the difference between hexadecimal and decimal numeral systems? Unlike the standard system representing numbers using 10 symbols, hexadecimal uses 16 distinct symbols, most often the symbols “0”–”9″ to represent values 0 to 9, and “A”–”F” (or alternatively “a”–”f”) to represent values from 10 to 15. Oh, that’s why it’s also called base-16. OK, got it. The article also says that one of the common names for this program function is xxd. Let’s read the man page.

xxd - make a hexdump or do the reverse.

That’s exactly what we want to do here. The hardest part is that the file has been compressed repeatedly. The key word is repeatedly. I really thought twice or thrice but the reality was way different. On the man page of xxd I found this:

-r | -revert
    Reverse  operation:  convert (or patch) hexdump into binary.

I decided to follow the advice and made a new directory in /tmp:

mkdir /tmp/coffee123

Now let’s try to move the decoded file to a new file named “data”. `Now let’s try to move the decoded file to a new file named “data”.

xxd -r data.txt /tmp/coffee123/data

`The rest of decoding is being done in our new temporary directory. We check the type of the file just made:

$ file data

The new file turns out to be a gzip compressed. We have to rename it:

$ mv data data.gz

and now we can decompress it:

$ gzip -d data.gz

After checking the type of the file, we see it’s bzip2 compressed. Now it feels like this has no end. So I found out a much easier way to decompress the file with line. Check this out:

cat data.txt  | xxd -r - | zcat - | bzcat - | zcat - | tar -x -f - -O | tar -x -f - -O | bzcat - | tar -x -f - -O | zcat -

And there is the password for the next level. I’m going to explain this line in details on my next blog, so stay tuned.

Bandit Level 13 → 14

Wow! Nice! For this level we have an SSH key. First of let’s go through the material and if needed, watch some videos to understand the concept thoroughly. What I learnt from all of these reading, I just need to use -i for using the private key to connect. So I just type:

$ ssh bandit14@localhost -p 2220 -i sshkey.private

No password, not even needed, because I’m already on the next level. Anyway, we can find the password in /etc/bandit_pass.

I thought it’s supposed to be easier…

Leave a Reply

Your email address will not be published. Required fields are marked *